
Implement automated TLS trust via http-endpoint relation#80

Draft
jjimenezgarcia wants to merge 8 commits into canonical:main from jjimenezgarcia:auto-handle-ca

Conversation

@jjimenezgarcia
Member

@jjimenezgarcia jjimenezgarcia commented Feb 17, 2026

Overview

This PR introduces automated CA propagation through the http-endpoint relation interface.
When Falcosidekick exposes an HTTPS endpoint signed by a private or self-managed CA, the corresponding CA certificate is now published via the relation and automatically installed into Falco’s system trust store.
This enables Falco to validate TLS connections to Falcosidekick without requiring manual certificate distribution or configuration.

Rationale

Previously, when Falcosidekick was configured with TLS using a private or self-signed CA, Falco required manual trust configuration or additional operational steps to validate the connection.

This change aligns the integration with secure-by-default principles by ensuring that TLS identity validation is automatically and correctly configured through Juju relations.

Juju Events Changes

  • config_changed: Priority logic adjusted to ensure security data obtained via relation (SAAS or local) prevails over static configurations.

Module Changes

  • CharmState: include ca_cert as an optional field. Refined the from_charm method to process the new data structure of the interface.

Library Changes

falcosidekick_http_endpoint:

- Implemented the get_endpoints() method in the Requirer class to facilitate access to multiple units or endpoints.
- Updated data transfer logic to include the ca_cert field in the exchange between applications.

Checklist
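The two behaviours this PR describes (relation-provided security data taking priority over static configuration, and an optional ca_cert that ends up in the workload's trust store) can be shown in a few lines of plain Python. The block below is an added illustration, not code from this PR or from the charm or its falcosidekick_http_endpoint library; the function names (`resolve_endpoint`, `validate_ca_pem`, `trust_store_action`), the `EndpointTrust` dataclass, the config keys and the relation data shape are all assumptions made for the example, and the PEM blob is a constructed placeholder, not a real certificate.

```python
"""Added example (not the charm's own code): pick the Falcosidekick endpoint
to trust, preferring relation data over static config, and sanity-check the
CA certificate before it would be written to the trust store."""
from __future__ import annotations

import base64
import binascii
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlparse

# Assumed relation/config shape: {"url": "...", "ca_cert": "<PEM or None>"}.
_PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(?P<body>[A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----",
    re.DOTALL,
)

# Constructed sample: base64 of the DER bytes 30 03 02 01 01 (a SEQUENCE),
# enough to exercise the framing check below. It is NOT a real certificate.
SAMPLE_CA = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"


@dataclass(frozen=True)
class EndpointTrust:
    url: str
    ca_cert: Optional[str]  # PEM bundle, or None to rely on the system store
    source: str             # "relation" or "config", useful in status/log lines


def validate_ca_pem(pem: str) -> bool:
    """True if `pem` holds at least one well-formed PEM certificate block.

    Only PEM framing, base64 validity and the outer DER SEQUENCE tag are
    checked (stdlib only); chain building and expiry are left to the TLS
    client that consumes the trust store.
    """
    found = False
    for m in _PEM_RE.finditer(pem):
        try:
            der = base64.b64decode("".join(m.group("body").split()), validate=True)
        except binascii.Error:
            return False
        if not der or der[0] != 0x30:  # X.509 Certificate is a DER SEQUENCE
            return False
        found = True
    return found


def resolve_endpoint(config: dict, relation_endpoints: list[dict]) -> Optional[EndpointTrust]:
    """Relation-provided endpoint data wins over static charm config."""
    if relation_endpoints:
        ep = relation_endpoints[0]
        return EndpointTrust(url=ep["url"], ca_cert=ep.get("ca_cert"), source="relation")
    url = config.get("falcosidekick-url")  # assumed config key
    if not url:
        return None
    return EndpointTrust(url=url, ca_cert=config.get("ca-cert"), source="config")


def trust_store_action(ep: EndpointTrust) -> str:
    """Decide what to do with the CA: install it, skip it, or reject it."""
    if urlparse(ep.url).scheme != "https":
        return "skip: plaintext endpoint, no CA needed"
    if ep.ca_cert is None:
        return "skip: https endpoint, relying on system trust store"
    if not validate_ca_pem(ep.ca_cert):
        return "reject: ca_cert is not a valid PEM certificate"
    return "install: write CA to trust store and refresh it"


if __name__ == "__main__":
    static = {"falcosidekick-url": "https://static.example:2801", "ca-cert": SAMPLE_CA}
    related = [{"url": "https://sidekick.example:2801", "ca_cert": SAMPLE_CA}]
    chosen = resolve_endpoint(static, related)
    print(chosen.source, chosen.url, "->", trust_store_action(chosen))
```

The `source` field is worth keeping in a real charm: when relation data silently overrides a static `ca-cert`, surfacing which one is in effect in the unit status or logs makes a misconfigured endpoint much easier to diagnose.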

@jjimenezgarcia jjimenezgarcia requested a review from a team as a code owner February 17, 2026 10:24
@jjimenezgarcia jjimenezgarcia marked this pull request as draft February 17, 2026 10:24
@github-actions
Contributor

Test results for commit ff47140

Test coverage for ff47140

Name             Stmts   Miss Branch BrPart  Cover   Missing
------------------------------------------------------------
src/charm.py        56      4      8      2    88%   101-103, 113
src/config.py       25      1      6      1    94%   52
src/service.py     242     17     20      0    92%   102, 107, 202-203, 337-354
src/state.py        59      9      8      1    82%   129-141
------------------------------------------------------------
TOTAL              382     31     42      4    90%

Static code analysis report

Run started: 2026-02-18 15:36:17.250322+00:00

Test results:
  No issues identified.

Code scanned:
  Total lines of code: 1563
  Total lines skipped (#nosec): 0
  Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
  Total issues (by severity):
  	Undefined: 0
  	Low: 0
  	Medium: 0
  	High: 0
  Total issues (by confidence):
  	Undefined: 0
  	Low: 0
  	Medium: 0
  	High: 0
Files skipped (0):

@github-actions
Contributor

Test results for commit ff47140

Test coverage for ff47140

Name                  Stmts   Miss Branch BrPart  Cover   Missing
-----------------------------------------------------------------
src/certificates.py      64      5     18      5    88%   115->117, 117->120, 157-159, 171, 191
src/charm.py             70      1      4      0    99%   125
src/config.py            13      0      2      0   100%
src/state.py             53      5      6      1    90%   87-89, 151-152
src/workload.py          98      9     22      2    88%   168-170, 175-177, 179-181
-----------------------------------------------------------------
TOTAL                   298     20     52      8    91%

Static code analysis report

Run started: 2026-02-18 13:54:40.847159+00:00

Test results:
  No issues identified.

Code scanned:
  Total lines of code: 1440
  Total lines skipped (#nosec): 0
  Total potential issues skipped due to specifically being disabled (e.g., #nosec BXXX): 0

Run metrics:
  Total issues (by severity):
  	Undefined: 0
  	Low: 0
  	Medium: 0
  	High: 0
  Total issues (by confidence):
  	Undefined: 0
  	Low: 0
  	Medium: 0
  	High: 0
Files skipped (0):
